Password
What is a password?
Password: A secret string of characters that a user supplies to prove identity to a system, traditionally the dominant single-factor authentication mechanism.
Passwords are the oldest and still most widely deployed form of authentication: the user presents a known secret and the server compares it (or, properly, a salted hash of it) against a stored value. Weaknesses are well known — reuse across sites, short or guessable values, exposure in breach corpora, and susceptibility to phishing, credential stuffing, password spraying, and keylogging. Defensive controls include enforcing length (NIST SP 800-63B recommends 8+ characters and screening against known-bad lists), modern hashing with bcrypt, scrypt, or Argon2, rate limiting, breach monitoring, MFA, and migration to passkeys for phishing-resistant authentication.
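The storage and comparison flow described above, as an added example that is not part of the original entry: enrollment enforces the length minimum and a known-bad screen, stores a per-user salt with an scrypt hash, and verification re-derives and compares in constant time. The blocklist contents, scrypt cost parameters and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample blocklist; a real deployment screens against a breach corpus.
KNOWN_BAD = {"password", "12345678", "qwertyuiop", "letmein123"}
MIN_LENGTH = 8  # the 8+ character minimum cited above from NIST SP 800-63B

# scrypt cost parameters (assumed values for this example; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def check_policy(password: str) -> Optional[str]:
    """Return a rejection reason, or None if the password is acceptable."""
    if len(password) < MIN_LENGTH:
        return "too short"
    if password.lower() in KNOWN_BAD:
        return "known-bad password"
    return None


def _derive(password: str, salt: bytes) -> bytes:
    """Memory-hard hash of the password under the given salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def enroll(password: str) -> dict:
    """Validate a new password and return the record the server stores."""
    reason = check_policy(password)
    if reason is not None:
        raise ValueError(reason)
    salt = os.urandom(16)  # fresh random salt per user, stored beside the hash
    return {"salt": salt, "hash": _derive(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = _derive(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])
```

Because each record carries its own random salt, two users with the same password get different stored hashes, so one cracked hash does not reveal the other.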
● Examples
- 01 Logging in to an email account by entering username and password.
- 02 A web application storing user passwords as bcrypt hashes with per-user salts.
● Frequently asked questions
What is a password?
A secret string of characters that a user supplies to prove identity to a system, traditionally the dominant single-factor authentication mechanism. It belongs to the Identity & Access category of cybersecurity.
How do you defend password authentication?
Defences for passwords typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Password?
Common alternative names include: Password authentication, Shared secret.